14 matches found
CVE-2025-67496 WeGia is Vulnerable to XSS through id_pessoa Parameter on Password Configuration Page
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting XSS vulnerability in the /WeGIA/html/geral/configurarsenhas.php endpoint. The application does not sanitize user-controlled data before...
CVE-2025-67496
WeGIA CVE-2025-67496 affects version 3.5.4 and earlier; Stored XSS in /WeGIA/html/geral/configurar_senhas.php occurs because user-controlled data (employee names) are retrieved from DB and inserted into HTML elements without proper escaping. This can allow script injection via the employee dropd...
PT-2025-50279
Name of the Vulnerable Software and Affected Versions WeGIA versions 3.5.4 and below Description WeGIA, an open source Web Manager for Institutions, is affected by a Stored Cross-Site Scripting XSS issue. The application fails to sanitize user-controlled data before rendering it within the employ...
Burgerportaal 安全漏洞
Burgerportaal is a GPP-Woo open source site for reading public documents. A security vulnerability exists in Burgerportaal versions prior to 2.0.3, prior to 3.0.2, and prior to 4.0.1, which stems from the exposure of employee names and e-mail addresses in a web response, which could lead to...
PT-2025-41823
Name of the Vulnerable Software and Affected Versions gpp-burgerportaal versions prior to 2.0.3 gpp-burgerportaal versions prior to 3.0.2 gpp-burgerportaal versions prior to 4.0.1 Description gpp-burgerportaal is a Dutch government citizen portal application. In affected versions, the name and...
saleor 输入验证错误漏洞
Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. saleor suffers from an input validation error vulnerability that stems from a number of GraphQL mutations that do not...
Synel Eharmonynew 授权问题漏洞
Synel Eharmonynew is a time and attendance system from Synel Israel. Synel eharmonynew suffers from an authorization issue vulnerability that stems from the ability to log in to the system using default credentials and export eHarmony system reports containing sensitive data employee names,...
CVE-2021-27605
SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last...
Easy Intelligence Gathering: theHarvester
The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration te...
New Relic: newrelic.atlassian.net - jira information disclosure
The ticket raising system used by newrelic suffers from an informational vulnerability where in an attacker can view certain details about open bugs or project information of newrelic. Details include employee names and potentially email address and ticket names which an unauthorized personnel ca...
[TheHarvester v2.2] The Information Gathering Suite
The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration te...
New Jigsaw Hacking Tool Spotted in Attacks
If you’ve run an internal phishing exercise, chances are you may have used Jigsaw, an open source penetration testing tool that enables security teams to automatically generate email address combinations from a minimal amount of public information. As with other open source security and networkin...
[theHarvester v2.2a] Tool for Gathering
theHarvester is a tool for gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in ord...
80K Records' Breached in Iowa Gaming Hack
Around 80,000 Iowa employee names, birth dates and social security numbers have been exposed after an Iowa Gaming Commission server was hacked. Read the full article. Secure Computing...